BC-SNC, MIT Kerberos V, SSO, GSS-API v2
Norbert Klasen
norbert+lists.mit-kerberos at burgundy.dyndns.org
Tue Sep 7 08:40:44 EDT 2004
Hello Calin,
--On Dienstag, 7. September 2004 10:04 +0200 Calin Barbat
<c.barbat at osram.de> wrote:
> Both adapters now pass gsstest-1.26. The remaining issue is that I still
> get the following error output (in dev_w0) when trying to SNC connect to
> the server:
>
> N *** ERROR => SncPEstablishContext()==SNCERR_GSSAPI [sncxxall.c 3423]
> N GSS-API(maj): A token was invalid
> N GSS-API(min): Mechanism is incorrect
> N Unable to establish the security context
> N <<- SncProcessInput()==SNCERR_GSSAPI
> M *** ERROR => ThSncIn: SncProcessInput (SNCERR_GSSAPI) [thxxsnc.c
> 973]
> M *** ERROR => ThSncIn: SncProcessInput [thxxsnc.c 978]
> M in_ThErrHandle: 1
> M *** ERROR => ThSncIn: SncProcessInput (step 4, th_errno 44, action 1,
> level 1) [thxxhead.c 8787]
>
>
> Perhaps this is some configuration issue, perhaps it has to do with the
> interoperability between the MIT and Win2k Kerberos implementations.
> Any help or hint in the right direction would be greatly appreciated,
some hints you might want to try:
- use MIT Kerberos 1.3.x. It implements the native Windows enctype
arcfour-hmac-md5 and supports TCP to connect to the KDC. (unlikely)
- test if you can successfully establish a GSSAPI connection between your
Windows workstation and your Unix server with gss-client and gss-server
(Windows versions are included in the KfW package).
Norbert
More information about the Kerberos
mailing list